Haystack
← Back to Jobs
Administrative

Senior Identity Security Architect

Icon International Group LLCWashington, DC🇺🇸United StatesPosted 17 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Role: Senior Identity Security Architect, hybrid,

Location: Washington DC

Core Responsibility
Own the target-state architecture for the enterprise identity security platform spanning:

  • BeyondTrust (Password Safe, EPM, PRA)
  • Microsoft Entra ID
  • Active Directory
  • SailPoint IDN

They want someone who can act as the design authority — not just an engineer, but the person setting standards other teams build against.

Key Deliverables

  • Architecture/reference designs + standards teams must follow
  • Migration & cutover strategy for moving large user populations to modern identity platforms (with rollback/risk mitigation planning)
  • Driving phishing-resistant authentication and least privilege/PAM architecture enterprise-wide
  • Zero Trust identity patterns, hybrid identity, cloud identity adoption (Azure/AWS/Google Cloud Platform)
  • Translating architecture into actual delivery roadmaps with engineering/program management
  • Leading design reviews, mentoring build engineers
  • Documenting risks/trade-offs for leadership
  • Using AI tooling to speed up architecture analysis and documentation

Must-Have Experience

  • 15+ years identity/security engineering, with real architect-level experience at enterprise scale
  • Has led a full identity modernization program end-to-end (not just participated in one)
  • Deep expertise in 2+ of: BeyondTrust, Entra ID, Active Directory, Okta, SailPoint (plus working knowledge of the rest)
  • Strong grasp of SAML, OAuth2/OIDC, SCIM, Kerberos, LDAP, federation, MFA, RBAC/ABAC, tiered admin
  • Has personally set architecture standards / acted as design authority across multiple teams before
  • Strong communicator across engineer-to-executive audiences
  • Comfortable working independently across multiple concurrent workstreams

Nice-to-Have

  • CISSP, SABSA, TOGAF, SC-300, or SailPoint Certified Engineer

Skills

SAFe

Similar jobs